From: Akhil Goyal
To: Mariusz Drost, "radu.nicolau@intel.com", "konstantin.ananyev@intel.com"
CC: "dev@dpdk.org", Lukasz Bartosik
Subject: Re: [dpdk-dev] [PATCH v2 1/2] examples/ipsec-secgw: fix SAD selection logic
Date: Thu, 10 Oct 2019 13:43:36 +0000
References: <20190905123523.172-1-mariuszx.drost@intel.com> <20190924103539.12052-1-mariuszx.drost@intel.com> <20190924103539.12052-2-mariuszx.drost@intel.com>
In-Reply-To: <20190924103539.12052-2-mariuszx.drost@intel.com>

Hi Mariusz,

> -----Original Message-----
> From: Mariusz Drost
> Sent: Tuesday, September 24, 2019 4:06 PM
> To: radu.nicolau@intel.com; Akhil Goyal;
> konstantin.ananyev@intel.com
> Cc: dev@dpdk.org; Mariusz Drost; Lukasz Bartosik
> Subject: [PATCH v2 1/2] examples/ipsec-secgw: fix SAD selection logic
>
> Ipsec-secgw example application fails to initialize when using default
> configuration file (ep0.cfg) in library mode (librte_ipsec enabled).
>
> The reason is that two of SP rules in ep0.cfg, one for IPv4 and one
> for IPv6, are using the same SPI number. When SA rules are initialized,
> their SPI number is checked against SPIs stored in SPD. For library
> mode, it is not allowed for the same SA to handle both IPv4 and IPv6.
>
> Solution is to split SAD into two separate parts - one for IPv4 and one
> for IPv6. Usage of SAs stays the same. Only change is to pass correct
> SAD (IPv4 or IPv6) in places where previously combined database was
> passed.

Can we have 2 different SAs with same SPI value and with different IPv4 addresses?
Will the IPSec library be able to handle this case? With Setkey it is possible in Linux.
Now that we have IPSEC library we should be compatible with what Linux can do.

So splitting the SADB with IPv4 and IPv6 will just avoid the issue for IPv4 and IPv6 but the
issue will still be there. I believe this should be fixed in library rather than application maintaining
two different databases. Library's intent is to reduce the application overhead for maintaining
IPSec specific stuff.

>
> Split of SA entries is done at initialization stage.
> Most of given SA
> entries are checked against SPD. If matching entry is in IPv4 SPD, SA
> rule is added to IPv4 SAD (respectively for IPv6). Different splitting
> method is used only when SA entry is for tunnel in inbound direction.
> In that case if IPv4 tunnel should be used, SA entry is added to IPv4
> SAD (respectively for IPv6). Reasoning is that inner IP version can
> be different than outer IP version for tunneled traffic.
>
> Bugzilla ID: 239
> Fixes: 5a032a71c6d3 ("examples/ipsec-secgw: make app to use IPsec library")
>
> Reported-by: Lukasz Bartosik
> Signed-off-by: Mariusz Drost
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 48 ++--
> examples/ipsec-secgw/ipsec.c | 5 +-
> examples/ipsec-secgw/ipsec.h | 21 +-
> examples/ipsec-secgw/sa.c | 396 ++++++++++++++++++++---------
> 4 files changed, 312 insertions(+), 158 deletions(-)
>
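
The point raised in this reply, modelled as an added example (not code from the patch, from DPDK or from either author): a toy SAD keyed by SPI alone, one split by address family as the patch describes, and one that also keys on the tunnel destination, each offered three SAs that share one SPI. The names `key_mode`, `sad_add` and `accepted_with`, the SPI value and the addresses are all constructed, and the third key layout is an assumption about what a lookup would have to cover, not something the thread specifies.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical toy SAD for illustration; none of these names are DPDK's. */
enum key_mode { KEY_SPI, KEY_SPI_FAMILY, KEY_SPI_FAMILY_DST };

struct sa {
    uint32_t spi;
    int is_ipv6;        /* address family of the tunnel endpoint */
    uint8_t dst[16];    /* tunnel destination; IPv4 uses the first 4 bytes */
};
struct sad { enum key_mode mode; int n; struct sa e[8]; };

/* Two SAs collide when every field covered by the key layout is equal. */
static int same_key(enum key_mode m, const struct sa *a, const struct sa *b)
{
    if (a->spi != b->spi)
        return 0;
    if (m >= KEY_SPI_FAMILY && a->is_ipv6 != b->is_ipv6)
        return 0;       /* split SADs: IPv4 and IPv6 entries never meet */
    if (m == KEY_SPI_FAMILY_DST && memcmp(a->dst, b->dst, sizeof(a->dst)))
        return 0;       /* destination address is part of the key */
    return 1;
}

/* Returns 0 when the SA is added, -1 on a key collision or a full table. */
int sad_add(struct sad *d, const struct sa *s)
{
    if (d->n == (int)(sizeof(d->e) / sizeof(d->e[0])))
        return -1;
    for (int i = 0; i < d->n; i++)
        if (same_key(d->mode, &d->e[i], s))
            return -1;
    d->e[d->n++] = *s;
    return 0;
}

/* Constructed sample (SPI 5 on three SAs); returns how many are accepted. */
int accepted_with(enum key_mode m)
{
    struct sad d = { .mode = m };
    struct sa v4a = { 5, 0, {192, 0, 2, 1} }, v4b = { 5, 0, {192, 0, 2, 2} };
    struct sa v6 = { 5, 1, {0x20, 0x01, 0x0d, 0xb8, [15] = 1} };
    int ok = sad_add(&d, &v4a) == 0;
    ok += sad_add(&d, &v4b) == 0;
    ok += sad_add(&d, &v6) == 0;
    return ok;
}

int main(void) { return accepted_with(KEY_SPI_FAMILY_DST) == 3 ? 0 : 1; }
```

In this model the family split admits the IPv6 SA but still rejects the second IPv4 SA, which is the case the reply asks about.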